Tech Support Forum - View Single Post

Quanta123 · 05-07-2007, 06:52 PM

Hi. Thx for reply. Everything is the same. I still cant uninstall StrongestOptimizer and i cant google HJT. Heres the Logs

FixLinkopt.txt-----------------------------------------------------------

Symantec Trojan.Linkoptimizer Removal Tool 1.0.8

Trojan.Linkoptimizer has not been found on your computer.

------------------------------------------------------------------------

gromozon_removal (no armada-log created) ----------------------------

Removal tool loaded into memory
Gromozon rootkit component not detected - searching for other components
Scanning: C:\WINDOWS
Scanning: C:\Programas\Ficheiros comuns

Trojan.Gromozon does not exist - your system is clean.

-------------------------------------------------------------------------

combofix.txt-------------------------------------------------------------

"Jorge Martins" - 2007-05-08 1:39:14 Service Pack 2
ComboFix 07-05.07.3.V - Running from: "C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\"

((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 ))))))))))))))))))))))))))))))))))

2007-05-07 21:04 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-06 20:20 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-05-06 20:20 <DIR> d-------- C:\Programas\Your Uninstaller 2006
2007-05-06 20:20 <DIR> d-------- C:\DOCUME~1\JORGEM~1\APPLIC~1\URSoft

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-06 20:46:22 -------- d-----w C:\DOCUME~1\JORGEM~1\APPLIC~1.\about amok
2007-05-06 19:20:07 -------- d-----w C:\DOCUME~1\JORGEM~1\APPLIC~1.\URSoft
2007-05-06 19:13:35 -------- d--h--w C:\Programas\InstallShield Installation Information
2007-05-06 19:11:55 -------- d-----w C:\Programas\GameSpy Arcade
2007-05-06 19:11:08 -------- d-----w C:\Programas\Finale 2003
2007-05-06 18:46:04 -------- d-----w C:\Programas\eMule
2007-04-25 18:48:41 -------- d-----w C:\Programas\TVU Player
2007-04-25 18:11:45 -------- d-----w C:\Programas\PartyGaming.Net
2007-03-25 17:22:30 64,140 ----a-w C:\WINDOWS\system32\perfc016.dat
2007-03-25 17:22:30 428,328 ----a-w C:\WINDOWS\system32\perfh016.dat
2007-03-17 13:43:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-08 15:37:34 578,560 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:34 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:34 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx"
"{53707962-6F74-2D53-2644-206D7942484F}"="C:\DOCUME~1\JORGEM~1\AMBIEN~1\ANTI-C~1\SPYBOT~1\SDHelper.dll"
"{8ABC10F3-9DFD-6742-EB72-D9D7C8DD4570}"="C:\WINDOWS\gacud1.dll" [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ESB"="C:\\WINDOWS\\System32\\ESB.exe"
"4mtcsb"="C:\\WINDOWS\\System32\\4mtcsb.EXE"
"PRONoMgr.exe"="C:\\Programas\\Intel\\NCS\\PROSet\\PRONoMgr.exe"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"AudioHQ"="C:\\Programas\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE"
"Creative Launcher"="C:\\Programas\\Creative\\Launcher\\CTLauncher.exe"
"NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"InCD"="C:\\Programas\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="C:\\Programas\\Java\\jre1.5.0\\bin\\jusched.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"MessengerPlus3"="\"C:\\Programas\\MessengerPlus! 3\\MsgPlus.exe\""
"QuickTime Task"="\"C:\\Programas\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MessengerPlus3"="\"C:\\Programas\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"
"MSMSGS"="\"C:\\Programas\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Programas\ewido\security suite\shellhook.dll"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\Anti-coisas\AVG Anti-Spyware 7.5\shellexecutehook.dll"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0
HTTPFilter HTTPFilter\0\0
DcomLaunch DcomLaunch\0TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A9CA42FA91C1FC66.job
C:\WINDOWS\tasks\Symantec NetDetect.job

********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-08 01:41:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 2007-05-08 1:41:33
C:\ComboFix-quarantined-files.txt ... 2007-05-08 01:41
C:\ComboFix2.txt ... 2007-05-07 21:04

-----------------------------------------------------------------------

05-07-2007, 06:52 PM	#5 (permalink)
Quanta123 Registered User Join Date: May 2007 Posts: 31 OS: XP	Re: i cant get rid of StrongestOptimizer Hi. Thx for reply. Everything is the same. I still cant uninstall StrongestOptimizer and i cant google HJT. Heres the Logs FixLinkopt.txt----------------------------------------------------------- Symantec Trojan.Linkoptimizer Removal Tool 1.0.8 Trojan.Linkoptimizer has not been found on your computer. ------------------------------------------------------------------------ gromozon_removal (no armada-log created) ---------------------------- Removal tool loaded into memory Gromozon rootkit component not detected - searching for other components Scanning: C:\WINDOWS Scanning: C:\Programas\Ficheiros comuns Trojan.Gromozon does not exist - your system is clean. ------------------------------------------------------------------------- combofix.txt------------------------------------------------------------- "Jorge Martins" - 2007-05-08 1:39:14 Service Pack 2 ComboFix 07-05.07.3.V - Running from: "C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-08 to 2007-05-08 )))))))))))))))))))))))))))))))))) 2007-05-07 21:04 49,152 --a------ C:\WINDOWS\nircmd.exe 2007-05-06 20:20 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP 2007-05-06 20:20 <DIR> d-------- C:\Programas\Your Uninstaller 2006 2007-05-06 20:20 <DIR> d-------- C:\DOCUME~1\JORGEM~1\APPLIC~1\URSoft (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-06 20:46:22 -------- d-----w C:\DOCUME~1\JORGEM~1\APPLIC~1.\about amok 2007-05-06 19:20:07 -------- d-----w C:\DOCUME~1\JORGEM~1\APPLIC~1.\URSoft 2007-05-06 19:13:35 -------- d--h--w C:\Programas\InstallShield Installation Information 2007-05-06 19:11:55 -------- d-----w C:\Programas\GameSpy Arcade 2007-05-06 19:11:08 -------- d-----w C:\Programas\Finale 2003 2007-05-06 18:46:04 -------- d-----w C:\Programas\eMule 2007-04-25 18:48:41 -------- d-----w C:\Programas\TVU Player 2007-04-25 18:11:45 -------- d-----w C:\Programas\PartyGaming.Net 2007-03-25 17:22:30 64,140 ----a-w C:\WINDOWS\system32\perfc016.dat 2007-03-25 17:22:30 428,328 ----a-w C:\WINDOWS\system32\perfh016.dat 2007-03-17 13:43:47 293,376 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:37:34 578,560 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:37:34 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:37:34 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:33:32 1,843,712 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) Note empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"="C:\Programas\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx" "{53707962-6F74-2D53-2644-206D7942484F}"="C:\DOCUME~1\JORGEM~1\AMBIEN~1\ANTI-C~1\SPYBOT~1\SDHelper.dll" "{8ABC10F3-9DFD-6742-EB72-D9D7C8DD4570}"="C:\WINDOWS\gacud1.dll" [x] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "ESB"="C:\\WINDOWS\\System32\\ESB.exe" "4mtcsb"="C:\\WINDOWS\\System32\\4mtcsb.EXE" "PRONoMgr.exe"="C:\\Programas\\Intel\\NCS\\PROSet\\PRONoMgr.exe" "IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe" "HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe" "AudioHQ"="C:\\Programas\\Creative\\SBLive\\AudioHQ\\AHQTB.EXE" "Creative Launcher"="C:\\Programas\\Creative\\Launcher\\CTLauncher.exe" "NeroCheck"="C:\\WINDOWS\\System32\\\\NeroCheck.exe" "InCD"="C:\\Programas\\Ahead\\InCD\\InCD.exe" "SunJavaUpdateSched"="C:\\Programas\\Java\\jre1.5.0\\bin\\jusched.exe" "AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP" "MessengerPlus3"="\"C:\\Programas\\MessengerPlus! 3\\MsgPlus.exe\"" "QuickTime Task"="\"C:\\Programas\\QuickTime\\qttask.exe\" -atboottime" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe" "MessengerPlus3"="\"C:\\Programas\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart" "MSMSGS"="\"C:\\Programas\\Messenger\\msmsgs.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="C:\Programas\ewido\security suite\shellhook.dll" "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Documents and Settings\Jorge Martins\Ambiente de trabalho\Anti-coisas\AVG Anti-Spyware 7.5\shellexecutehook.dll" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages msv1_0\0\0 Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages scecli\0\0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService DnsCache\0\0 rpcss RpcSs\0\0 imgsvc StiSvc\0\0 termsvcs TermService\0\0 HTTPFilter HTTPFilter\0\0 DcomLaunch DcomLaunch\0TermService\0\0 HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\A9CA42FA91C1FC66.job C:\WINDOWS\tasks\Symantec NetDetect.job ****************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-08 01:41:29 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ****************************************************************** Completion time: 2007-05-08 1:41:33 C:\ComboFix-quarantined-files.txt ... 2007-05-08 01:41 C:\ComboFix2.txt ... 2007-05-07 21:04 -----------------------------------------------------------------------